Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2008-4067

Date: September 24, 2008

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.

Severity Score

Related Resources (57)

http://secunia.com/advisories/32196
http://www.0x000000.com/?i=422
http://secunia.com/advisories/31987
http://secunia.com/advisories/31985
http://secunia.com/advisories/31984
http://www.vupen.com/english/advisories/2009/0977
http://secunia.com/advisories/32082
http://www.redhat.com/support/errata/RHSA-2008-0882.html
http://download.novell.com/Download?buildid=WZXONb-tqBw~
http://www.debian.org/security/2008/dsa-1669
http://secunia.com/advisories/33433
http://secunia.com/advisories/32144
http://secunia.com/advisories/33434
https://exchange.xforce.ibmcloud.com/vulnerabilities/45359
http://secunia.com/advisories/32185
http://www.redhat.com/support/errata/RHSA-2008-0879.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10770
https://access.redhat.com/security/cve/CVE-2008-4067
https://bugzilla.mozilla.org/show_bug.cgi?id=380994
http://secunia.com/advisories/32025
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
https://nvd.nist.gov/vuln/detail/CVE-2008-4067
http://www.ubuntu.com/usn/usn-645-1
http://www.ubuntu.com/usn/usn-645-2
http://www.ubuntu.com/usn/usn-647-1
http://www.debian.org/security/2009/dsa-1696
http://secunia.com/advisories/32012
http://secunia.com/advisories/32011
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/32010
http://secunia.com/advisories/32096
http://secunia.com/advisories/32095
http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
https://bugzilla.mozilla.org/show_bug.cgi?id=394075
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
http://www.redhat.com/support/errata/RHSA-2008-0908.html
http://www.vupen.com/english/advisories/2008/2661
http://www.debian.org/security/2008/dsa-1649
http://secunia.com/advisories/32089
http://secunia.com/advisories/34501
http://secunia.com/advisories/32044
https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4067
http://secunia.com/advisories/32042
http://www.mandriva.com/security/advisories?name=MDVSA-2008:206
http://secunia.com/advisories/32845
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
http://secunia.com/advisories/32007
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html
http://secunia.com/advisories/32092
http://www.securitytracker.com/id?1020921
http://www.securityfocus.com/bid/31346
https://www.mend.io/vulnerability-database/CVE-2008-4067

Severity Score

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us